[SOLVED] Hetzner Server with two public IPs, how to assign one IP to one VM?

[kourampies]

I have a Hetzner server running Debian 11 and Proxmox 7, on which I'm running 3 VMs with success. I use a NAT setup for those, which is very simple since I don't need to forward any ports from the outside, the VMs just need to access the internet. This is the configuration I was running until now, and everything worked fine (public IPs hidden for obvious reasons).

auto lo iface lo inet loopback iface lo inet6 loopback auto enp9s0 iface enp9s0 inet static address aa.bb.cc.190/26 gateway aa.bb.cc.129 up route add -net aa.bb.cc.128 netmask 255.255.255.192 gw aa.bb.cc.129 dev enp9s0 # route aa.bb.cc.128/26 via aa.bb.cc.129 auto vmbr0 iface vmbr0 inet static address 10.10.10.1 netmask 255.255.255.0 bridge-ports none bridge-stp off bridge-fd 0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp9s0 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp9s0 -j MASQUERADE

Now I need to add one CT (or VM) with its own public IP, so It can directly access and be accessed on the internet, like a real physical machine. I ordered one more public IPv4 address, got a MAC registered with Hetzner, and used that MAC with the new public IP on a new CT (also tried a VM). The new IP is on the same subnet as the old one, and its aaa.bbb.ccc.187. It didn't work, and whatever configurations I've found didn't work. Hetzners tutorials also didn't work and they seem a bit hard to understand, like poorly translated.

Any suggestions or config samples?

 

[gurubert]

If you have the MAC of the VM registered with Hetzner you can build a bridge interface that has enp9s0 as one port. The VM is then able to directly speak layer 2 (Ethernet) with the outside world.

 

[kourampies]

Can you provide a sample config for this because what hetzner suggests on their documentation doesn't seem to work, it isn't even recognized as a bridge on the proxmox GUI?

 

[B.Otto]

Well you add another bridge interface vmbr1 with bridge-port enp9s0 and move the public IP of your Proxmox to that bridge. Then you need to adjust your iptable rules so that they apply to the interface vmbr1 instead of enp9s0.

Something like this should work - although I would configure it using the GUI:

(As always - since you are tampering with the network connection through which you are connected to Proxmox, be sure that you have an alternative way to connect to your machine in the event that something in the config goes wrong.)

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp9s0
iface enp9s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr1 -j MASQUERADE

auto vmbr1
iface vmbr1 inet static
        address  aa.bb.cc.190/26
        gateway aa.bb.cc.129
        bridge-ports enp9s0
        bridge-stp off
        bridge-fd 0
        up route add -net aa.bb.cc.128 netmask 255.255.255.192 gw aa.bb.cc.129 dev vmbr1

Your VM can then be attached to vmbr1 (with your new public ip configured as static).

 

[kourampies]

Thank you so much for taking the time to give me the full configuration. It works perfectly, keeping the NAT setup on the original 3 VMs, and with the new IP on the new container. Its the first and only configuration that worked for me, nothing found here or on Hetzner support worked.

Thanks again.

 

[pizza]

When you order a additional single IP address on Hetzner, you get also a MAC address for it?

 

[esanuvea]

When you order a additional single IP address on Hetzner, you get also a MAC address for it?

Yes, the MAC is different than the main address

 

[nebulos]

Any changes with proxmox 8?
Can't connect after reboot.


Edit:
Found out that the proxmox is freezing here when loading:s
screenshot is with a KVM from hetzner



Edit2:

So now I got the network up, with this conf.:

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp5s0
iface enp5s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.10.10.1
    netmask 255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr1 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr1 -j MASQUERADE

auto vmbr1
iface vmbr1 inet static
    address 92.200.20.122/26
    gateway 92.200.20.65
    bridge-ports enp5s0
    bridge-stp off
    bridge-fd 0
    up ip route add 92.200.20.84/32 dev vmbr1

iface eth0 inet manual

But every time I do a soft reboot, my proxmox won't load completely I think?!? And I can't get into the ssh, but when I do a hardware reset with the reset button, I can get in ..

strange.

Edit3:

So this Hetzner KVM is always freezing, I can't get to login screen.. but ssh comes up and server works.. can't see how the network conf can affect this. And soft reboot or shutdown doesn't work, it's a clean proxmox install on a brand new rented server on hetzner.


Anyway, next step: install OPNsense and never reboot the machine.

 

[uiguy]

Any changes with proxmox 8?
Can't connect after reboot.


Edit:
Found out that the proxmox is freezing here when loading:s
screenshot is with a KVM from hetzner
View attachment 57597


Edit2:

So now I got the network up, with this conf.:

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp5s0
iface enp5s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.10.10.1
    netmask 255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr1 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr1 -j MASQUERADE

auto vmbr1
iface vmbr1 inet static
    address 92.200.20.122/26
    gateway 92.200.20.65
    bridge-ports enp5s0
    bridge-stp off
    bridge-fd 0
    up ip route add 92.200.20.84/32 dev vmbr1

iface eth0 inet manual

But every time I do a soft reboot, my proxmox won't load completely I think?!? And I can't get into the ssh, but when I do a hardware reset with the reset button, I can get in ..

strange.

Edit3:

So this Hetzner KVM is always freezing, I can't get to login screen.. but ssh comes up and server works.. can't see how the network conf can affect this. And soft reboot or shutdown doesn't work, it's a clean proxmox install on a brand new rented server on hetzner.
View attachment 57598

Anyway, next step: install OPNsense and never reboot the machine.

Hi, did you get this sorted? I am also running proxmox 8 on Hetzner, a brand new install. I can access the host via the KVM, however I cannot via ssh or browser

Here is my config:

auto lo
iface lo inet loopback
iface lo inet6 loopback


auto enp0s31f6
iface enp0s31f6 inet manual


auto vmbr0
iface vmbr0 inet static
    address 10.10.10.1
    netmask 255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr1 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr1 -j MASQUERADE


auto vmbr1
iface vmbr1 inet static
    address <<ORIGINAL IP>>/26
    gateway <<ORIGINAL GATEWAY>>
    bridge-ports enp0s31f6
    bridge-stp off
    bridge-fd 0
    up ip route add <<NEW ADDED IP>>/32 dev vmbr1


iface eth0 inet manual